# create an osbs server
- import_playbook:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=oci_registry:oci_registry_stg"

- name: make the box be real
  hosts: oci_registry:oci_registry_stg
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - base
  - rkhunter
  - nagios_client
  - { role: zabbix/zabbix_agent,
      when: env == "staging" }
  - hosts
  - { role: openvpn/client,
      when: env != "staging" }
  - ipa/client
  - collectd/base
  - rsyncd
  - sudo
  - role: nfs/client
    mnt_dir: '/srv/registry'
    nfs_src_dir: "oci_registry"
    when: inventory_hostname.startswith(('oci-registry01.iad2', 'oci-registry02.iad2'))

  - role: nfs/client
    mnt_dir: '/srv/registry'
    nfs_src_dir: "oci_candidate_registry"
    when: inventory_hostname.startswith(('oci-candidate-registry01.iad2'))

  pre_tasks:
  - name: Create /srv/registry on staging since it does not use NFS
    file:
      path: /srv/registry
      state: directory
      owner: root
      group: root
      mode: 0755
    when: "env == 'staging'"
  - import_tasks: "{{ tasks_path }}/yumrepos.yml"

  tasks:
  - import_tasks: "{{ tasks_path }}/motd.yml"

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: setup docker distribution registry
  hosts: oci_registry:oci_registry_stg
  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - /srv/private/ansible/vars.yml
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml


  # NOTE: tls is disabled for docker-distribution because we are listening only
  #       on localhost and all external connections will be through httpd which
  #       will be SSL enabled.
  roles:
    - {
      role: docker-distribution,
        conf_path: "/etc/docker-distribution/registry/config.yml",
        tls: {
          enabled: False,
        },
        log: {
          fields: {
            service: "registry"
          }
        },
        storage: {
          filesystem: {
            rootdirectory: "/srv/registry"
          }
        },
        http: {
          addr: ":5000"
        }
      }

    # Setup compose-x86-01 push docker images to registry
    - {
      role: login-registry,
        candidate_registry: "candidate-registry.stg.fedoraproject.org",
        candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}",
        candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}",
      when: env == "staging",
      delegate_to: "compose-x86-01.{{ datacenter }}.fedoraproject.org"
    }
    - {
      role: login-registry,
        candidate_registry: "candidate-registry.fedoraproject.org",
        candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}",
        candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}",
      when: env == "production",
      delegate_to: "compose-x86-01.{{ datacenter }}.fedoraproject.org"
    }
